Frakti

Introduction

Frakti is a Kubelet CRI-based runtime that provides hypervisor-level isolation, which makes it particularly suitable for running untrusted applications and for multi-tenant scenarios. Frakti implements a mixed runtime:

  • Privileged containers run as Docker containers
  • Ordinary containers run as hyper containers inside a VM

All-in-one installation

Frakti provides a convenient install script that brings up a single-node Kubernetes + frakti cluster on Ubuntu or CentOS with one command:

  curl -sSL https://github.com/kubernetes/frakti/raw/master/cluster/allinone.sh | bash

Cluster deployment

First, hyperd, docker, frakti, CNI and kubelet must be installed on all machines.

Install hyperd

Ubuntu 16.04+:

  apt-get update && apt-get install -y qemu libvirt-bin
  curl -sSL https://hypercontainer.io/install | bash

CentOS 7:

  curl -sSL https://hypercontainer.io/install | bash

Configure hyperd:

  echo -e "Kernel=/var/lib/hyper/kernel\n\
  Initrd=/var/lib/hyper/hyper-initrd.img\n\
  Hypervisor=qemu\n\
  StorageDriver=overlay\n\
  gRPCHost=127.0.0.1:22318" > /etc/hyper/config
  systemctl enable hyperd
  systemctl restart hyperd

Install docker

Ubuntu 16.04+:

  apt-get update
  apt-get install -y docker.io

CentOS 7:

  yum install -y docker

Start docker:

  systemctl enable docker
  systemctl start docker

Install frakti

  curl -sSL https://github.com/kubernetes/frakti/releases/download/v0.2/frakti -o /usr/bin/frakti
  chmod +x /usr/bin/frakti
  # frakti must use the same cgroup driver as docker
  cgroup_driver=$(docker info | awk '/Cgroup Driver/{print $3}')
  cat <<EOF > /lib/systemd/system/frakti.service
  [Unit]
  Description=Hypervisor-based container runtime for Kubernetes
  Documentation=https://github.com/kubernetes/frakti
  After=network.target
  [Service]
  ExecStart=/usr/bin/frakti --v=3 \
    --log-dir=/var/log/frakti \
    --logtostderr=false \
    --cgroup-driver=${cgroup_driver} \
    --listen=/var/run/frakti.sock \
    --streaming-server-addr=%H \
    --hyper-endpoint=127.0.0.1:22318
  MountFlags=shared
  TasksMax=8192
  LimitNOFILE=1048576
  LimitNPROC=1048576
  LimitCORE=infinity
  TimeoutStartSec=0
  Restart=on-abnormal
  [Install]
  WantedBy=multi-user.target
  EOF
  systemctl enable frakti
  systemctl start frakti

Install CNI

Ubuntu 16.04+:

  apt-get update && apt-get install -y apt-transport-https
  curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
  cat <<EOF > /etc/apt/sources.list.d/kubernetes.list
  deb http://apt.kubernetes.io/ kubernetes-xenial main
  EOF
  apt-get update
  apt-get install -y kubernetes-cni

CentOS 7:

  cat <<EOF > /etc/yum.repos.d/kubernetes.repo
  [kubernetes]
  name=Kubernetes
  baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64
  enabled=1
  gpgcheck=1
  repo_gpgcheck=1
  gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
         https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
  EOF
  # setenforce 0 puts SELinux into permissive mode until the next reboot
  setenforce 0
  yum install -y kubernetes-cni

Configure the CNI network. Note:

  • frakti currently supports only the bridge plugin
  • The Pod subnet must differ on every machine; for example, the master can use 10.244.1.0/24 and the first Node 10.244.2.0/24

  mkdir -p /etc/cni/net.d
  cat >/etc/cni/net.d/10-mynet.conf <<-EOF
  {
      "cniVersion": "0.3.0",
      "name": "mynet",
      "type": "bridge",
      "bridge": "cni0",
      "isGateway": true,
      "ipMasq": true,
      "ipam": {
          "type": "host-local",
          "subnet": "10.244.1.0/24",
          "routes": [
              { "dst": "0.0.0.0/0" }
          ]
      }
  }
  EOF
  cat >/etc/cni/net.d/99-loopback.conf <<-EOF
  {
      "cniVersion": "0.3.0",
      "type": "loopback"
  }
  EOF

Install Kubelet

Ubuntu 16.04+:

  apt-get install -y kubelet kubeadm kubectl

CentOS 7:

  yum install -y kubelet kubeadm kubectl

Configure Kubelet to use the frakti runtime:

  sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --container-runtime-endpoint=/var/run/frakti.sock --feature-gates=AllAlpha=true"' /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
  systemctl daemon-reload

Configure the Master

  kubeadm init --pod-network-cidr 10.244.0.0/16 --kubernetes-version latest
  # Optional: allow pods to be scheduled on the master
  export KUBECONFIG=/etc/kubernetes/admin.conf
  kubectl taint nodes --all node-role.kubernetes.io/master:NoSchedule-

Configure Nodes

  # get the token on the master node
  token=$(kubeadm token list | grep authentication,signing | awk '{print $1}')
  # join the master from each worker node (set master_ip to the master's IP address)
  kubeadm join --token $token ${master_ip}

Configure CNI network routes

In cluster mode, direct routes must be configured for the container network. Assume one master and two Nodes:

  NODE     IP_ADDRESS   CONTAINER_CIDR
  master   10.140.0.1   10.244.1.0/24
  node-1   10.140.0.2   10.244.2.0/24
  node-2   10.140.0.3   10.244.3.0/24

The CNI network routes can then be configured as follows:

  # on master
  ip route add 10.244.2.0/24 via 10.140.0.2
  ip route add 10.244.3.0/24 via 10.140.0.3
  # on node-1
  ip route add 10.244.1.0/24 via 10.140.0.1
  ip route add 10.244.3.0/24 via 10.140.0.3
  # on node-2
  ip route add 10.244.1.0/24 via 10.140.0.1
  ip route add 10.244.2.0/24 via 10.140.0.2
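The route list above is one instance of a general rule: every node needs a route to every other node's Pod CIDR via that node's host address, and, as the CNI configuration section notes, no two nodes may share a Pod CIDR. The following POSIX shell script is an added example, not part of Frakti or of this guide; it takes the three-node table above as constructed input, refuses to proceed if any CONTAINER_CIDR is duplicated, and generates each node's 10-mynet.conf and its `ip route add` commands. The node table, the function names and the output layout are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of Frakti or this guide: derive each node's CNI
# bridge config and static routes from a node table, and check that no two
# nodes share a Pod CIDR (the bridge plugin's host-local IPAM hands out
# addresses per node, so overlapping subnets would collide).
set -e

# Constructed input: the three-node table from the guide, in the same
# NODE IP_ADDRESS CONTAINER_CIDR layout.
NODES='master 10.140.0.1 10.244.1.0/24
node-1 10.140.0.2 10.244.2.0/24
node-2 10.140.0.3 10.244.3.0/24'

# Succeeds only if every CONTAINER_CIDR in the table is unique.
check_unique_cidrs() {
    dups=$(printf '%s\n' "$NODES" | awk 'NF { print $3 }' | sort | uniq -d)
    [ -z "$dups" ]
}

# Print the `ip route add` commands for one node: a route to every other
# node's Pod CIDR via that node's host address.  Usage: routes_for <node>
routes_for() {
    self="$1"
    printf '%s\n' "$NODES" | while read -r name ip cidr; do
        [ -n "$name" ] || continue
        [ "$name" = "$self" ] && continue
        printf 'ip route add %s via %s\n' "$cidr" "$ip"
    done
}

# Print the 10-mynet.conf for one node: the guide's bridge config with the
# node's own CIDR substituted.  Fails if the node is not in the table.
cni_conf_for() {
    self="$1"
    cidr=$(printf '%s\n' "$NODES" | awk -v n="$self" '$1 == n { print $3 }')
    [ -n "$cidr" ] || return 1
    cat <<EOF
{
    "cniVersion": "0.3.0",
    "name": "mynet",
    "type": "bridge",
    "bridge": "cni0",
    "isGateway": true,
    "ipMasq": true,
    "ipam": {
        "type": "host-local",
        "subnet": "$cidr",
        "routes": [
            { "dst": "0.0.0.0/0" }
        ]
    }
}
EOF
}

# Print the per-node configuration for the whole table to stdout.
main() {
    check_unique_cidrs || { echo "duplicate Pod CIDR in node table" >&2; return 1; }
    printf '%s\n' "$NODES" | awk 'NF { print $1 }' | while read -r node; do
        echo "# ---- $node: /etc/cni/net.d/10-mynet.conf ----"
        cni_conf_for "$node"
        echo "# ---- $node: routes ----"
        routes_for "$node"
    done
}

main
```

Running the script prints, for each node, the config file to place in /etc/cni/net.d and the routes to add on that host; for node-1 the routes are exactly the two lines given under "# on node-1" above. Changing a CIDR in NODES so that two nodes collide makes the script exit with an error instead of emitting overlapping configs.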

References